libndpi.git - Open Source Deep Packet Inspection Software Toolkit

	Commit message (Collapse)	Author	Age
...
*	Add STOMP protocol dissector (#2280)	Vladimir Gavrilov	2024-01-23
\|
*	Improve handling of custom rules (#2276)	Ivan Nardi	2024-01-21
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Avoid collisions between user-ids and internal-ids protocols in the `example/protos.txt` file. Add a new value for the classification confidence: `NDPI_CONFIDENCE_CUSTOM_RULE` With `./example/ndpiReader -p example/protos.txt -H` we now see also the custom protocols and their internal/external ids: ``` nDPI supported protocols: Id Userd-id Protocol Layer_4 Nw_Proto Breed Category 0 0 Unknown TCP X Unrated Unspecified ... 387 387 Mumble UDP X Fun VoIP 388 388 iSCSI TCP Acceptable Unspecified 389 389 Kibana TCP Acceptable Unspecified 390 390 TestProto TCP Acceptable Unspecified 391 391 HomeRouter TCP Acceptable Unspecified 392 392 CustomProtocol TCP Acceptable Unspecified 393 393 AmazonPrime TCP Acceptable Unspecified 394 394 CustomProtocolA TCP Acceptable Unspecified 395 395 CustomProtocolB TCP Acceptable Unspecified 396 800 CustomProtocolC TCP Acceptable Unspecified 397 1024 CustomProtocolD TCP Acceptable Unspecified 398 2048 CustomProtocolE TCP Acceptable Unspecified 399 2049 CustomProtocolF TCP Acceptable Unspecified 400 2050 CustomProtocolG TCP Acceptable Unspecified 401 65535 CustomProtocolH TCP Acceptable Unspecified ``` We likely need to take a better look in general at the iteration between internal and external protocols ids... This PR fixes the issue observed in https://github.com/ntop/nDPI/pull/2274#discussion_r1460674874 and in https://github.com/ntop/nDPI/pull/2275.
*	Add Yojimbo (netcode) protocol dissector (#2277)	Toni	2024-01-21
\| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	config: follow-up (#2268)	Ivan Nardi	2024-01-20
\| \| \| \| \| \|	Some changes in the parameters names. Add a fuzzer to fuzz the configuration file format. Add the infrastructure to configuratin callbacks. Add an helper to map LRU cache indexes to names.
*	Fix detection of new Cassandra versions (#2272)	Vladimir Gavrilov	2024-01-20
\| \| \| \| \| \| \|	* Fix detection of new Cassandra versions * Add Cassandra Internode Communication protocol support * Add default port for Cassandra Internode Communication protocol
*	Add a dedicated dissector for Zoom (#2265)	Ivan Nardi	2024-01-19
\| \| \|	Move it from the RTP code and extend it
*	Add Mumble detection support (#2269)	Vladimir Gavrilov	2024-01-19
\|
*	Rework Steam detection (part 1) (#2264)	Vladimir Gavrilov	2024-01-18
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Clean up Steam dissector * Add Steam Datagram Relay dissector * Update docs * Update test results * Remove csgo.c from MSVC project * Small fixes * Add Steam TLS pcap sample * Merge Steam pcap samples into single one * Fix typo * Update test results
*	config: allow configuration of guessing algorithms	Nardi Ivan	2024-01-18
\|
*	config: move debug/log configuration to the new API	Nardi Ivan	2024-01-18
\|
*	config: DNS: add two configuration options	Nardi Ivan	2024-01-18
\| \| \| \| \|	* Enable/disable sub-classification of DNS flows * Enable/disable processing of DNS responses
*	config: HTTP: enable/disable processing of HTTP responses	Nardi Ivan	2024-01-18
\|
*	config: configure TLS certificate expiration with the new API	Nardi Ivan	2024-01-18
\|
*	config: remove `enum ndpi_prefs`	Nardi Ivan	2024-01-18
\|
*	config: remove `ndpi_set_detection_preferences()`	Nardi Ivan	2024-01-18
\|
*	config: move cfg of aggressiviness and opportunistic TLS to the new API	Nardi Ivan	2024-01-18
\|
*	config: move IP lists configurations to the new API	Nardi Ivan	2024-01-18
\|
*	config: move LRU cache configurations to the new API	Nardi Ivan	2024-01-18
\|
*	Make `ndpi_finalize_initialization()` returns an error code	Nardi Ivan	2024-01-18
\| \| \| \|	We should check if the initialization was fine or not
*	New API for library configuration	Nardi Ivan	2024-01-18
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This is the first step into providing (more) configuration options in nDPI. The idea is to have a simple way to configure (most of) nDPI: only one function (`ndpi_set_config()`) to set any configuration parameters (in the present or on in the future) and we try to keep this function prototype as agnostic as possible. You can configure the library: * via API, using `ndpi_set_config()` * via a configuration file, in a text format This way, anytime we need to add a new configuration parameter: * we don't need to add two public functions (a getter and a setter) * we don't break API/ABI compatibility of the library; even changing the parameter type (from integer to a list of integer, for example) doesn't break the compatibility. The complete list of configuration options is provided in `doc/configuration_parameters.md`. As a first example, two configuration knobs are provided: * the ability to enable/disable the extraction of the sha1 fingerprint of the TLS certificates. * the upper limit on the number of packets per flow that will be subject to inspection
*	Added new API calls	Luca	2024-01-15
\| \| \| \| \| \| \| \| \| \|	- ndpi_load_domain_suffixes() - ndpi_get_host_domain_suffix() whose goal is to find the domain name of a hostname. Example: www.bbc.co.uk -> co.uk mail.apple.com -> com
*	Fix some warnings reported by CODESonar (#2227)	Ivan Nardi	2024-01-12
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Remove some unreached/duplicated code. Add error checking for `atoi()` calls. About `isdigit()` and similar functions. The warning reported is: ``` Negative Character Value help isdigit() is invoked here with an argument of signed type char, but only has defined behavior for int arguments that are either representable as unsigned char or equal to the value of macro EOF(-1). Casting the argument to unsigned char will avoid the undefined behavior. In a number of libc implementations, isdigit() is implemented using lookup tables (arrays): passing in a negative value can result in a read underrun. ``` Switching to our macros fix that. Add a check to `check_symbols.sh` to avoid using the original functions from libc.
*	Add KCP protocol dissector. (#2257)	Toni	2024-01-12
\| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Add Roughtime protocol dissector. (#2248)	Toni	2024-01-09
\| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Add realtime protocol output to `ndpiReader`. (#2197)	Toni	2024-01-09
\| \| \| \| \| \|	* support for using a new flow callback invoked before the flow memory is free'd * minor fixes Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	Fix default port conflicts between AJP and CiscoVPN (#2245)	Ivan Nardi	2024-01-08
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	We shouldn't have the same default port associated with multiple protocols. The key reason is that we use only one of them (for classification by-port, for example) and which one we really use depends on the internal order of the protocolsi's initialization (which is unknown to the user). We have 3 port collisions: * 8009: AJP and CiscoVPN * 445: SMBv1 and SMBv23 * 8080: HTTP_Connect and HTTP_Proxy I think that the two last cases don't really matter... About the first one: it seems that CiscoVPN is retired from 2011/2014 (see https://www.cisco.com/c/en/us/obsolete/security/cisco-vpn-client.html) and superseded by AnyConnect, which uses different ports (see https://community.cisco.com/t5/network-security/what-protocols-are-used-on-anyconnect-mobility-client/td-p/4713525). Therefore it should be safe to remove 8009 from the CiscoVPN default ports.
*	Add Ceph protocol dissector (#2242)	Vladimir Gavrilov	2024-01-04
\| \| \| \| \|	* Add Ceph protocol dissector * Update protocols.rst
*	Add HL7 protocol dissector (#2240)	Vladimir Gavrilov	2024-01-02
\| \| \| \| \| \| \|	* Add HL7 protocol dissector * Small fixes * Small fixes
*	Add IEC62056 (DLMS/COSEM) protocol dissector (#2229)	Vladimir Gavrilov	2024-01-02
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Add IEC62056 (DLMS/COSEM) protocol dissector * Fix detection on big endian architectures * Update protocols.rst * Add ndpi_crc16_x25 to fuzz/fuzz_alg_crc32_md5.c * Update pcap sample * Remove empty .out file * iec62056: add some documentation --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
*	Remove Google Hangouts/Duo stuff (#2233)	Vladimir Gavrilov	2024-01-02
\| \| \| \| \|	* Remove Google Hangouts/Duo support * Update protocols.rst
*	Add NoMachine NX protocol dissector (#2234)	Vladimir Gavrilov	2024-01-02
\| \| \| \| \| \| \| \| \|	* Add NoMachine protocol dissector * Fix detection on big endian architectures * Make NoMachine over UDP check more strict * Small fixes
*	New ndpi_sha256() nDPI API call (#2230)	Luca Deri	2023-12-23
\| \| \| \| \|	* Added ndpi_sha256.c to the Windows project * Added ndpi_sha256() nDPI API call
*	Add Apache Kafka protocol dissector (#2226)	Vladimir Gavrilov	2023-12-22
\|
*	Add WebDAV detection support (#2224)	Vladimir Gavrilov	2023-12-22
\| \| \| \| \| \| \| \| \| \| \| \| \|	* Add WebDAV detection support * Add pcap example * Update test results * Remove redundant checks * Add WebDAV related HTTP methods to fuzz/dictionary.dict * Add note about WebDAV
*	Various MDNS flow risks fixes	Luca	2023-12-21
\|
*	Add JSON-RPC protocol dissector (#2217)	Vladimir Gavrilov	2023-12-20
\| \| \| \| \| \| \|	* Add JSON-RPC protocol dissector * Small fixes * Improve detection
*	Add OpenFlow protocol dissector (#2222)	Vladimir Gavrilov	2023-12-20
\|
*	Rename NDPI_PROTOCOL_RPC to NDPI_PROTOCOL_MS_RPCH (#2218)	Vladimir Gavrilov	2023-12-19
\| \| \| \| \| \| \|	* Rename NDPI_PROTOCOL_RPC to NDPI_PROTOCOL_MS_RPCH * Add protocol description * Improve MS-RPCH detection
*	Add UFTP protocol dissector (#2215)	Vladimir Gavrilov	2023-12-18
\| \| \| \| \| \| \|	* Add UFTP protocol dissector * Update docs * Merge pcap files
*	Add HiSLIP protocol dissector (#2214)	Vladimir Gavrilov	2023-12-17
\| \| \| \| \|	* Add HiSLIP protocol dissector * Fix error
*	Add PROFINET/IO protocol dissector (#2213)	Vladimir Gavrilov	2023-12-16
\| \| \| \| \| \| \| \| \|	* Add PROFINET/IO protocol dissector * Add LE (Little Endian) to the file name * Rework dissector * Remove redundant check
*	Add Monero protocol classification. (#2196)	Toni	2023-12-13
\| \| \|	Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
*	fuzz: extend fuzzing coverage (#2208)	Ivan Nardi	2023-12-11
\|
*	STUN: rework extra dissection (#2202)	Ivan Nardi	2023-12-11
\| \| \| \| \| \| \|	Keep looking for RTP packets but remove the monitoring concept. We will re-introduce a more general concept of "flow in monitoring state" later. The function was disabled by default. Some configuration knobs will be provided when/if #2190 is merged.
*	Add Ether-S-Bus protocol dissector (#2200)	Vladimir Gavrilov	2023-12-05
\|
*	Add IEEE C37.118 protocol dissector (#2193)	Vladimir Gavrilov	2023-12-05
\|
*	TLS: remove JA3+ fingerprints. (#2192)	Ivan Nardi	2023-12-05
\| \| \|	See: #2191
*	Add ISO 9506-1 MMS protocol dissector (#2189)	Vladimir Gavrilov	2023-12-01
\| \| \| \|	* Add ISO 9506-1 MMS protocol dissector * Fix detection on big-endian architectures
*	Add Beckhoff ADS protocol dissector (#2181)	Vladimir Gavrilov	2023-11-30
\| \| \| \| \| \| \|	* Add Beckhoff ADS protocol dissector * Remove redundant le32toh * Fix detection on big-endian architectures
*	Rework extraction of HTTP headers (#2183)	Ivan Nardi	2023-11-29
\| \| \| \| \| \|	Extract only the headers that we really need/use. Avoid too many `strcmp`; the algorithm might be a little bit overwhelming right now but it might be useful if we have further headers in the future.